CVE-2011-5000
openssh: post-authentication resource exhaustion bug via GSSAPI
Public Exploits: 2
Exploited in Wild: -
Descriptions
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default.
Timeline
- 2011-12-24 CVE Reserved
- 2012-04-04 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-07-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
- CWE-400: Uncontrolled Resource Consumption
References (5)
URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2011/Aug/2 | 2024-08-07 | |
http://site.pi3.com.pl/adv/ssh_1.txt | 2024-08-07 | |
http://rhn.redhat.com/errata/RHSA-2012-0884.html | 2012-07-22 | |
https://access.redhat.com/security/cve/CVE-2011-5000 | 2012-06-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=809938 | 2012-06-19 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openbsd | Openssh | <= 5.8 | - | Affected |
Openbsd | Openssh | 1.2 | - | Affected |
Openbsd | Openssh | 1.2.1 | - | Affected |
Openbsd | Openssh | 1.2.2 | - | Affected |
Openbsd | Openssh | 1.2.3 | - | Affected |
Openbsd | Openssh | 1.2.27 | - | Affected |
Openbsd | Openssh | 1.3 | - | Affected |
Openbsd | Openssh | 1.5 | - | Affected |
Openbsd | Openssh | 1.5.7 | - | Affected |
Openbsd | Openssh | 1.5.8 | - | Affected |
Openbsd | Openssh | 3.0 | - | Affected |
Openbsd | Openssh | 3.0.1 | - | Affected |
Openbsd | Openssh | 3.0.1p1 | - | Affected |
Openbsd | Openssh | 3.0.2 | - | Affected |
Openbsd | Openssh | 3.0.2p1 | - | Affected |
Openbsd | Openssh | 3.0p1 | - | Affected |
Openbsd | Openssh | 3.1 | - | Affected |
Openbsd | Openssh | 3.1p1 | - | Affected |
Openbsd | Openssh | 3.2 | - | Affected |
Openbsd | Openssh | 3.2.2 | - | Affected |
Openbsd | Openssh | 3.2.2p1 | - | Affected |
Openbsd | Openssh | 3.2.3p1 | - | Affected |
Openbsd | Openssh | 3.3 | - | Affected |
Openbsd | Openssh | 3.3p1 | - | Affected |
Openbsd | Openssh | 3.4 | - | Affected |
Openbsd | Openssh | 3.4p1 | - | Affected |
Openbsd | Openssh | 3.5 | - | Affected |
Openbsd | Openssh | 3.5p1 | - | Affected |
Openbsd | Openssh | 3.6 | - | Affected |
Openbsd | Openssh | 3.6.1 | - | Affected |
Openbsd | Openssh | 3.6.1p1 | - | Affected |
Openbsd | Openssh | 3.6.1p2 | - | Affected |
Openbsd | Openssh | 3.7 | - | Affected |
Openbsd | Openssh | 3.7.1 | - | Affected |
Openbsd | Openssh | 3.7.1p1 | - | Affected |
Openbsd | Openssh | 3.7.1p2 | - | Affected |
Openbsd | Openssh | 3.8 | - | Affected |
Openbsd | Openssh | 3.8.1 | - | Affected |
Openbsd | Openssh | 3.8.1p1 | - | Affected |
Openbsd | Openssh | 3.9 | - | Affected |
Openbsd | Openssh | 3.9.1 | - | Affected |
Openbsd | Openssh | 3.9.1p1 | - | Affected |
Openbsd | Openssh | 4.0 | - | Affected |
Openbsd | Openssh | 4.0p1 | - | Affected |
Openbsd | Openssh | 4.1 | - | Affected |
Openbsd | Openssh | 4.1p1 | - | Affected |
Openbsd | Openssh | 4.2 | - | Affected |
Openbsd | Openssh | 4.2p1 | - | Affected |
Openbsd | Openssh | 4.3 | - | Affected |
Openbsd | Openssh | 4.3p1 | - | Affected |
Openbsd | Openssh | 4.3p2 | - | Affected |
Openbsd | Openssh | 4.4 | - | Affected |
Openbsd | Openssh | 4.4p1 | - | Affected |
Openbsd | Openssh | 4.5 | - | Affected |
Openbsd | Openssh | 4.6 | - | Affected |
Openbsd | Openssh | 4.7 | - | Affected |
Openbsd | Openssh | 4.8 | - | Affected |
Openbsd | Openssh | 4.9 | - | Affected |
Openbsd | Openssh | 5.0 | - | Affected |
Openbsd | Openssh | 5.1 | - | Affected |
Openbsd | Openssh | 5.2 | - | Affected |
Openbsd | Openssh | 5.3 | - | Affected |
Openbsd | Openssh | 5.4 | - | Affected |
Openbsd | Openssh | 5.5 | - | Affected |
Openbsd | Openssh | 5.6 | - | Affected |
Openbsd | Openssh | 5.7 | - | Affected |